Protection of personal data

On 25 May 2018, the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) became mandatory. Legislative Decree 101 of 10 August 2018, laying down rules for the adaptation of national legislation to Regulation (EU) 2016/679, consequently amended the provisions of the Personal Data Protection Code, Legislative Decree 196/2003 (the so-called New Privacy Code), which has been further amended and supplemented over time.

The GDPR strengthened the right to personal Data Protection, and recognized it as a fundamental right in the EU.

FS Group considers protection of the personal data of its customers, employees and suppliers an obligation that goes beyond mere regulatory compliance. For this reason, it has also equipped itself with its own Data Protection Framework, understood as the set of rules and methods defined by the system of organisational rules on Data Protection, the roles and responsibilities of the structures involved, the processes and information systems, the set of personal data processing for business and operational needs, and the system of controls aimed at managing and mitigating the risks to the rights and freedoms of individuals linked to the processing of personal data.

This policy concerns processing of the personal data of users visiting www.fsitaliane.it for the purposes specifically identified below, and does not concern any of the information collected through other methods and/or any websites that can be reached by users via links on the website, which are assisted by specific information notices.

Here are Ferrovie dello Stato Italiane S.p.A. reference data:

Ferrovie dello Stato Italiane S.p.A., the Data Controller, is represented by the Chief Executive Officer, with registered office in Piazza della Croce Rossa, 1 - 00161 (Rome), who can be contacted at titolaretrattamento@fsitaliane.it.

The Data Protection Officer can be contacted by email at: protezionedati@fsitaliane.it.

Below is a list of the types of personal data processed through the website, within the limits of the purposes defined in this policy:

• The voluntary submission of emails to the addresses indicated on this website entails the subsequent acquisition of the e-mail address, and any other personal data included in the electronic communication, as well as the sender's data, which is necessary to reply to requests. Such data is used for the sole purpose of providing the requested information; data shall not be used for other purposes, unless explicit consent is provided by the data subject;
• By navigating the website, technical information relating to the hardware and software used by visitors may be collected. This information provides only data of a technical/informative nature, which may be used in an aggregate and anonymous manner for the sole purpose of improving the quality of the service and providing statistics concerning the use of the Site. For further information, see the relevant Cookies section.

Personal data shall be processed by computerised means for the time strictly necessary to achieve the purposes for which they were provided, and the related computer media shall be protected by the adoption of appropriate technical-organisational measures, pursuant to Article 32 of the GDPR.

EU Regulation 2016/679 (the so-called GDPR) grants data subjects the exercise of specific rights. In particular, in relation to personal data processing, covered by this information notice, you as data subject have the right to request from the Company:

• Access: you may request confirmation as to whether or not data relating to you is being processed, as well as further clarification of the information set out in this notice (Article 15);
• Rectification: you may request the rectification or supplementation of the data you have provided if it is inaccurate or incomplete (Article 16);
• Erasure: you may request the deletion of any data no longer necessary for our purposes, if you withdraw your consent or object to processing, if processing is unlawful, or if there is a legal obligation to delete them (Article 17);
• Limitation: you may request a restriction on the processing of your data, if you challenge their accuracy, for the time necessary to verify them; in the event of unlawful processing for which you object to the deletion of your personal data; if your personal data are necessary for the establishment, exercise or defence of a legal claim; and in the event of opposition to processing pending verification as to whether the legitimate reasons of the Data Controller Company prevail over your own (Article 18);
• Portability: you may ask to receive your data, or to have them transmitted to another Data Controller indicated by you, in a structured, commonly used and machine-readable format (Article 20);
• Objection: you may object at any time to the processing of your data, unless there are legitimate grounds for processing which override yours, e.g., for the exercise or defence of the Data Controlling Company’s rights in court (Article 21).

At any time, you may ask to exercise your rights at Ferrovie dello Stato Italiane S.p.A. by contacting webteam@fsitaliane.it or the Data Protection Officer protezionedati@fsitaliane.it.

Furthermore, we inform you that you have the right, if you believe your rights have been infringed, to lodge a complaint with the Garante per la Protezione dei Dati Personali.

This Policy relates to the processing of personal data by Ferrovie dello Stato Italiane S.p.A.